Application Security Engineer

Summary

The job is for a Security Engineer at dLocal, a global team that simplifies payment expansion in emerging markets. The role involves implementing a software assurance model, performing security design reviews, code reviews, and triaging security vulnerabilities. The position offers flexible work culture with travel, health, learning benefits, among others.

Requirements

• Strong proficiency in at least one programming language like Java and/or NodeJS and also knowledge in any scripting languages
• Hands-on experience working with developers in building a software assurance model
• Demonstrate the ability to manually fix/mitigate security flaws on web applications and APIs code-level
• Experience designing secure web services, APIs and microservice architectures
• Familiarity with threat modeling frameworks in cloud-base environments (OWASP, STRIDE, MITRE, etc)
• Experience with application/development security tools including but not limited to: Burp Suite, Qualys/WAS (or similar), Checkmarx (or similars), Bitbucket (or similars), Jenkins, Docker, etc)
• Familiarity with implementation and maintenance of SAST/DAST/IAST/SCA security sensors in a development pipeline
• In-depth knowledge of OWASP10, SANS25 and other world-known application security frameworks
• Understanding of a complete SDLC and how to make it secured (S-SDLC)
• Familiarity with Cloud platforms (AWS or equivalent)
• Ability to lead people to problem resolution when it comes to Security (Integrate teams, specially Engineering Team)
• Effective written and oral communication involving both business and technical sides of the business
• Quickly identify issues and solve them
• Ability to present technical risks to broader audience (both written and spoken)

Responsibilities

• Implement a software assurance model
• Perform security design reviews for new features and product releases
• Perform code reviews and advise developers on remediation techniques
• Design controls to detect and respond to common attacks on our platform
• Triage and respond to external inquiries around security vulnerabilities
• Facilitate internal training on various security topics to raise awareness and interest

Preferred Qualifications

• Certified in any related security development certifications like CSSLP, CASE or others
• Exposure to PCI-DSS framework or any other relevant security standard will be valued
• Extensive knowledge of security architectures, both monoliths and microservices, including how they are developed and operate at scale
• Have had developed a personal or enterprise software/script with focus on security (exploitation of vulnerabilities, hardening automation, API integration for security)

Benefits

• Flexible work culture
• Travel
• Health benefits
• Learning benefits